Microsoft Says Latest Bugs Genuine, But No Need To Panic

by John Lister on August 13, 2010 at 08:08AM EDT

Microsoft has confirmed it's investigating yet another large-scale bug affecting all supported editions of Windows. At the same time, it's ruled out issuing an emergency patch for the kernel-related issue that emerged just last week.

On Tuesday, Microsoft issued a record-breaking monthly Patch Tuesday update containing 14 security bulletins. When that was announced, it looked as if network administrators would be in for a particularly busy time, while Microsoft security staff could at least have some breathing room. That turned out not to be the case.

Bogus Color Data Breaches Security

Microsoft was hit with the new bug between announcing and delivering this month's Patch Tuesday update. The newly discovered bug works by allowing hackers to overload a section of memory dealing with colors. Once the memory overflows, it leaks into other sections of restricted memory and thereby allows hackers unrestricted rights to the machine.

Microsoft confirms it has concluded a preliminary investigation. It says that although the problem is genuine, it can only be exploited by somebody who has physical access to a machine and is logged in to a Windows account. Because of these restrictions, Microsoft says it will not issue an emergency patch, but will instead fix the flaw in a future update. (Source: technet.com)

Security Advisory for Windows Service Isolation Bug

Meanwhile, Microsoft has issued a security advisory for a bug that affects Windows Service Isolation. The bug means it's theoretically possible that an attacker could gain a level of access to the computer normally reserved for legitimate and trusted users.

According to Microsoft, there are only limited circumstances where this could be exploited. It says no patch is needed as Windows Service Isolation is simply a back-up security measure and would only come into play if a more serious security breach had already taken place. Instead, it has published a downloadable file which changes Windows settings to work around the bug. (Source: microsoft.com)